MSIL/Agent.NHK removal

MSIL/Agent.NHK is the ESET-NOD32 detection name for a .NET (MSIL) trojan; most other engines flag the same file under generic trojan or dropper names (see the list below). While the infection is active you may notice an unfamiliar process in Task Manager (this sample describes itself as audiohd.exe / audio.exe in its version info). In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the MSIL/Agent.NHK virus do?

The following behaviours were recorded when the sample was detonated in the CAPE sandbox (the storage path in the file info below is CAPEv2's):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Sample contains Overlay data
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Unusual version info supplied for binary
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify MSIL/Agent.NHK?

File Info:

name: 714C7D5A5A5BFCF31C4F.mlw
path: /opt/CAPEv2/storage/binaries/bfec58fb358946ddf828b8522b57268c4f99d76f82794a478c8edbab5befc50d
crc32: 4905C53D
md5: 714c7d5a5a5bfcf31c4f76c7853013be
sha1: b0eda7ec4455dfe4e0a24de737fbed8d2c8336bd
sha256: bfec58fb358946ddf828b8522b57268c4f99d76f82794a478c8edbab5befc50d
sha512: 5832783bb510e5a7a77d044b32b785ea9d4ecb837e57bc687b9d3fc54aeff9fdeae18283044607c0ddf8a6f4c73f59582114e0572e1778370fd791a59c09da8e
ssdeep: 768:46lJ40YEiiCGMGHG7e01yzx611pvy9BtNQJt/2e4fYsPI:Pk0Yhyr93NQJtZ36I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T134D409082B8FA7EBEBBD1AB802A6E24507F5C1531112FB0A7DCE75E517D27D40B052E6
sha3_384: d329802782aab94136d006206815ad62a4b8546f2c1f76571148a8c0b6d9c27b7eec66d71c15f590ef92fed909a1942f
ep_bytes: ff250020400000000000000000000000
timestamp: 2011-04-28 12:13:28
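The `type` line reports a native PE32 for Intel 80386 while ESET names the sample MSIL. Both are consistent: a .NET assembly is packaged as an ordinary PE whose entry point is a six-byte `jmp` through the import table to mscoree's `_CorExeMain` (the `ff 25 00 20 40 00` at the start of `ep_bytes` is exactly that, `jmp dword ptr [0x402000]`), and the CLR metadata is referenced from data directory entry 14. The Python script below is an added example, not code from this page or from GridinSoft: it hashes a suspect file against the md5/sha1/sha256 printed above and parses the PE header to confirm the CLR header and the loader stub. The `build_sample_pe()` helper constructs a tiny synthetic PE32 for demonstration; it is not the real sample, and the hash comparison will only succeed on the actual file.

```python
"""Triage a suspect binary against the MSIL/Agent.NHK indicators above.

Added example; not code from this page or from GridinSoft. It (1) hashes a
file and compares it with the published md5/sha1/sha256 and (2) parses the
PE header to confirm the .NET tell-tales: a CLR header in data directory 14
and the `jmp [IAT]` entry stub (FF 25 ...) that the CLR loader uses.
"""
import hashlib
import struct
import sys

# Hashes copied from the "File Info" block on this page.
KNOWN_HASHES = {
    "md5": "714c7d5a5a5bfcf31c4f76c7853013be",
    "sha1": "b0eda7ec4455dfe4e0a24de737fbed8d2c8336bd",
    "sha256": "bfec58fb358946ddf828b8522b57268c4f99d76f82794a478c8edbab5befc50d",
}
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR runtime header slot


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of the given bytes."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True when every digest of `data` equals the published IOC value."""
    actual = file_hashes(data)
    return all(actual[k] == v for k, v in known.items())


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return None


def pe_triage(data: bytes) -> dict:
    """Parse a PE32 image far enough to report the machine type, whether a
    CLR header is present, and the first bytes at the entry point."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    machine, nsections = struct.unpack_from("<HH", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = clr_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    sections = []                            # section table: 40-byte entries
    for i in range(nsections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_size, raw_ptr))
    ep_off = _rva_to_offset(sections, entry_rva)
    ep_bytes = data[ep_off:ep_off + 6] if ep_off is not None else b""
    return {
        "machine_i386": machine == 0x014C,
        "has_clr_header": clr_rva != 0 and clr_size != 0,
        "entry_is_jmp_stub": ep_bytes[:2] == b"\xff\x25",  # jmp dword ptr [addr]
        "ep_bytes": ep_bytes.hex(),
    }


def build_sample_pe(dotnet: bool = True) -> bytes:
    """Constructed minimal PE32 for demonstration only (NOT the real sample):
    one .text section at RVA 0x2000 / file offset 0x200 holding the entry."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    struct.pack_into("<HHIIIHH", hdr, coff, 0x014C, 1, 0, 0, 0, 224, 0x0102)
    opt = coff + 20
    struct.pack_into("<H", hdr, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x2000)            # AddressOfEntryPoint
    struct.pack_into("<I", hdr, opt + 28, 0x400000)          # ImageBase
    struct.pack_into("<I", hdr, opt + 92, 16)                # NumberOfRvaAndSizes
    if dotnet:                                               # CLR header directory
        struct.pack_into("<II", hdr, opt + 96 + 8 * 14, 0x2008, 0x48)
    sec = opt + 224
    hdr[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", hdr, sec + 8, 0x100, 0x2000, 0x200, 0x200)
    body = bytearray(0x200)
    # .NET: jmp [0x402000] -> mscoree!_CorExeMain, as in this page's ep_bytes.
    # Native stand-in: push ebp; mov ebp,esp; call eax; ret.
    body[0:6] = bytes.fromhex("ff2500204000" if dotnet else "5589e5ffd0c3")
    return bytes(hdr + body)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("hashes match published IOC:", matches_known_sample(blob))
    print(pe_triage(blob))
```

Run it as `python triage.py suspect.exe`; without an argument it triages the constructed sample. A hash match is conclusive for this exact file, but repacked variants will not match, so the header check (CLR directory present, `FF 25` stub at the entry point) is the more durable way to confirm you are looking at a .NET executable before handing it to a decompiler.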

Version Info:

The embedded metadata is forged to look like a Microsoft component: the German product name (roughly "Windows graph isolation for audio HD devices") mimics the legitimate Windows Audio Device Graph Isolation service (audiodg.exe) and the copyright claims Microsoft, yet the Authenticode signature is invalid, FileDescription, InternalName and OriginalFilename disagree with each other, and FileVersion (8.3.6.1) does not match the assembly version (4.1.3.6). Treat any "Microsoft" binary with these inconsistencies as suspect.

Comments: Windows Graphisolierung für Audiohdgeräte
CompanyName: Windows Graphisolierung für Audiohdgeräte
FileDescription: audiohd.exe
FileVersion: 8.3.6.1
InternalName: audio.exe
LegalCopyright: Copyright © Microsoft
OriginalFilename: audio.exe
ProductName: Windows Graphisolierung für Audiohdgeräte
ProductVersion: 8.3.6.1
Assembly Version: 4.1.3.6
Translation: 0x0000 0x04b0

MSIL/Agent.NHK is also detected under these names (engine: detection name):

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.827339
ALYac: Gen:Variant.Ursu.827339
Cylance: Unsafe
Zillya: Trojan.Genome.Win32.127495
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0015e4f01 )
BitDefender: Gen:Variant.Ursu.827339
K7GW: Riskware ( 0015e4f01 )
Cybereason: malicious.a5a5bf
Arcabit: Trojan.Ursu.DC9FCB
Cyren: W32/A-66ffb7e1!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: MSIL/Agent.NHK
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Agent.cyagto
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:AoTgHBeCbLYQ8o+SdyAp8g)
Ad-Aware: Gen:Variant.Ursu.827339
Sophos: ML/PE-A + Troj/Toasty-A
DrWeb: Trojan.DownLoader7.46913
VIPRE: Gen:Variant.Ursu.827339
TrendMicro: TROJ_SPNR.30BD13
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.714c7d5a5a5bfcf3
Emsisoft: Gen:Variant.Ursu.827339 (B)
Ikarus: Trojan.Win32.Sisron
Jiangmin: Trojan/Genome.axcu
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.2D
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Ursu.827339
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R47393
Acronis: suspicious
McAfee: RDN/Real Protect-LS
TrendMicro-HouseCall: TROJ_SPNR.30BD13
Tencent: Malware.Win32.Gencirc.10b8b808
Yandex: Trojan.Agent!28Li4eRWhkg
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Dx.BASH!tr
BitDefenderTheta: Gen:NN.ZemsilF.34806.Km3@aeCZ55k
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove MSIL/Agent.NHK?

MSIL/Agent.NHK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, run a second scan: this sample registers itself for autorun at Windows startup and drops a copy of itself, so confirm that neither the startup entry nor the dropped file has returned before considering the machine clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
